package com.readygo.boot_test.config;

import com.readygo.boot_test.auth.RedirectAuthFailHandler;
import com.readygo.boot_test.auth.RedirectAuthSuccessHandler;
import com.readygo.boot_test.auth.RedirectLogoutSuccessHandler;
import com.readygo.boot_test.auth.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.sql.DataSource;

@Configurable
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    @Autowired
    private RedirectAuthFailHandler redirectAuthFailSuccessHandler;

    @Autowired
    private RedirectAuthSuccessHandler redirectAuthSuccessHandler;

    @Autowired
    private RedirectLogoutSuccessHandler redirectLogoutSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests().anyRequest().permitAll();

//        If you are using Spring MVC <form:form> tag or Thymeleaf 2.1+ and are using @EnableWebSecurity, the CsrfToken
//        is automatically included for you (using the CsrfRequestDataValueProcessor).
        http.csrf();
        http.authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .antMatchers("/manage", "/manage/**").permitAll()
                .anyRequest().authenticated();

        http.formLogin()
                .loginPage("/login")
//                .successHandler("/hello")
                .successHandler(redirectAuthSuccessHandler)
                .failureHandler(redirectAuthFailSuccessHandler)
                .failureUrl("/login")
                .permitAll();

        http.logout()
                .logoutUrl("/logout")
                .logoutSuccessHandler(redirectLogoutSuccessHandler)
                .invalidateHttpSession(true)
                .permitAll();
//        http.userDetailsService(userDetailsService);


//        http.cors();
//        http.csrf()
//        http.sessionManagement().sessio
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

        auth.authenticationProvider(authenticationProvider())
                .userDetailsService(userDetailsService);
        ;
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setPasswordEncoder(bCryptPasswordEncoder());//BC加密
        provider.setUserDetailsService(userDetailsService);

        return provider;
    }

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
